Abstract
Pairing-based cryptosystems depend on the existence of groups where the Decision Diffie-Hellman problem is easy to solve, but the Computational Diffie-Hellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. However, the embedding degree for most elliptic curves is enormous, and the few previously known suitable elliptic curves have embedding degree k ≤ 6. In this paper, we examine criteria for curves with larger k that generalize prior work by Miyaji et al. based on the properties of cyclotomic polynomials, and propose efficient representations for the underlying algebraic structures.
Co-sponsored by Scopus Tecnologia S. A.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
A. Agashe, K. Lauter, R. Venkatesan, “Constructing elliptic curves with a given number of points over a finite field,” Cryptology ePrint Archive, Report 2001/096, http://eprint.iacr.org/2001/096/.
R. Balasubramanian, N. Koblitz, “The improbability that an Elliptic Curve has Subexponential Discrete Log Problem under the Menezes-Okamoto-Vanstone Algorithm,” Journal of Cryptology, Vol. 11, No. 2, 1998, pp. 141–145.
P. S. L. M. Barreto, H. Y. Kim, B. Lynn, M. Scott, “Efficient Algorithms for Pairing-Based Cryptosystems,” Cryptology ePrint Archive, Report 2002/008, http://eprint.iacr.org/2002/008/.
I. Blake, G. Seroussi and N. Smart, “Elliptic Curves in Cryptography,” Cambridge University Press, 1999.
D. Boneh and M. Franklin, “Identity-based encryption from the Weil pairing,” Advances in Cryptology-Crypto’2001, Lecture Notes in Computer Science 2139, pp. 213–229, Springer-Verlag, 2001.
D. Boneh, B. Lynn, and H. Shacham, “Short signatures from the Weil pairing,” Asiacrypt’2001, Lecture Notes in Computer Science 2248, pp. 514–532, Springer-Verlag, 2002.
R. Crandall and C. Pomerance, “Prime Numbers: a Computational Perspective,” Springer-Verlag, 2001.
R. Dupont, A. Enge, F. Morain “Building curves with arbitrary small MOV degree over finite prime fields,” Cryptology ePrint Archive, Report 2002/094, available at http://eprint.iacr.org/2002/094.
G. Frey, M. Müller, and H. Rück, “The Tate Pairing and the Discrete Logarithm Applied to Elliptic Curve Cryptosystems,” IEEE Transactions on Information Theory, 45(5), pp. 1717–1719, 1999.
G. Frey and H. Rück, “A Remark Concerning m-Divisibility and the Discrete Logarithm in the Divisor Class Group of Curves,” Mathematics of Computation, 62 (1994), pp. 865–874.
S. D.T Galbraith, K. Harrison, D. Solera, ldImplementing the Tate pairing,“ Algorithmic Number Theory-ANTS” V, 2002, to appear.
F. Hess, “Exponent Group Signature Schemes and Efficient Identity Based Signature Schemes Based on Pairings,” Cryptology ePrint Archive, Report 2002/012, available at http://eprint.iacr.org/2002/012/.
IEEE Std 2000-1363, “Standard Specifications for Public Key Cryptography,” 2000.
A. Joux, “A one-round protocol for tripartite Diffie-Hellman,” Algorithm Number Theory Symposium-ANTS IV, Lecture Notes in Computer Science 1838, pp. 385–394, Springer-Verlag, 2000.
A. Joux and K. Nguyen, “Separating Decision Diffie-Hellman from Diffie-Hellman in Cryptographic Groups,” Cryptology ePrint Archive, Report 2001/003, http://eprint.iacr.org/2001/003/.
G. J. Lay, H. G. Zimmer, “Constructing Elliptic Curves with Given Group Order over Large Finite Fields,” Algorithmic Number Theory Symposium-ANTS I, Lecture Notes in Computer Science 877 (1994), pp. 250–263.
R. Lidl and H. Niederreiter, “Introduction to finite fields and their applications,” Cambridge University Press, 1986.
A. Menezes, T. Okamoto and S. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field,” IEEE Transactions on Information Theory 39(1993), pp. 1639–1646.
A. Miyaji, M. Nakabayashi, and S. Takano, “New explicit conditions of elliptic curve traces for FR-reduction,” IEICE Trans. Fundamentals, Vol. E84 A, no. 5, May 2001.
F. Morain, “Building cyclic elliptic curves modulo large primes,” Advances in Cryptology-Eurocrypt’91, Lecture Notes in Computer Science 547 (1991), pp. 328–336.
T. Nagell, “Introduction to Number Theory,” 2nd reprint edition, Chelsea Publishing, 2001.
K. G. Paterson, “ID-based signatures from pairings on elliptic curves,” Cryptology ePrint Archive, Report 2002/004, available at http://eprint.iacr.org/2002/004/.
R. Sakai, K. Ohgishi and M. Kasahara, “Cryptosystems based on pairing,” 2000 Symposium on Cryptography and Information Security (SCIS2000), Okinawa, Japan, Jan. 26–28, 2000.
O. Schirokauer, D. Weber and T. Denny, “Discrete Logarithms: the Effectiveness of the Index Calculus Method,” ANTS, pp. 337–361, 1996.
J. H. Silverman, “Elliptic curve discrete logarithms and the index calculus,” Workshop on Elliptic Curve Cryptography (ECC’98), September 14–16, 1998.
N. P. Smart, “The Algorithmic Resolution of Diophantine Equations,” London Mathematical Society Student Text 41, Cambridge University Press, 1998.
N. Smart, “An Identity Based Authenticated Key Agreement Protocol Based on the Weil Pairing,” Cryptology ePrint Archive, Report 2001/111, available at http://eprint.iacr.org/2001/111/.
N. Tzanakis, “Solving elliptic diophantine equations by estimating linear forms in elliptic logarithms. The case of quartic equations,” Acta Arithmetica 75 (1996), pp. 165–190.
E. Verheul, “Self-blindable Credential Certificates from the Weil Pairing,” Advances in Cryptology-Asiacrypt’2001, Lecture Notes in Computer Science 2248 (2002), pp 533–551.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Barreto, P.S.L.M., Lynn, B., Scott, M. (2003). Constructing Elliptic Curves with Prescribed Embedding Degrees. In: Cimato, S., Persiano, G., Galdi, C. (eds) Security in Communication Networks. SCN 2002. Lecture Notes in Computer Science, vol 2576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36413-7_19
Download citation
DOI: https://doi.org/10.1007/3-540-36413-7_19
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00420-2
Online ISBN: 978-3-540-36413-9
eBook Packages: Springer Book Archive